Re: Network Storage

[Maverick <myeaddress () gmail com>]

Thank you very much for your suggestions.

1) My goal is to store the traffic may be fore ever, and analyze it in
the future for security related incidents detected by ids/ips.

2) I am storing just header and initial few bytes but still it gets
filled up quite quickly.

3) Netflow approach is nice but I also want to have traces available
for reasons mentioned in 1).

4) Are there any issues having an external storage as a solution for
this problem.

Best,
Ali

On Thu, Apr 12, 2012 at 5:06 PM, Michael J McCafferty
<mike () m5computersecurity com> wrote:
> Ali,
>        Do you need to capture the whole packet, including the payload? You
> will save a lot of space by just capturing the headers. For example,
> tcpdump doesn't capture the whole packet by default anyway. You may not
> be able to capture at line rate anyway depending on what you are using
> to capture with (drivers, libraries, software, etc). See the -s option
> in tcpdump man page for info.
>
> Good luck,
> Mike
>
> On Thu, 2012-04-12 at 16:25 -0400, Maverick wrote:
> > Hello Everyone,
> >
> > Can you please comment on what is best solution for storing network
> > traffic. We have been graciously granted access by our network
> > administrator to capture traffic but the one Tera byte disk space is
> > no match with the data that we are seeing, so it fills up quickly. We
> > can't get additional space on the server itself so I am looking for
> > some external solutions. Can you please suggest something that would
> > be best for Gbps speeds .
> >
> >
> > Best,
> > Ali
>
> --
> ************************************************************
> Michael J. McCafferty
> CEO
> M5 Hosting
> http://www.m5hosting.com
>
> Like us on Facebook for updates and photos:
> https://www.facebook.com/m5hosting
> ************************************************************